Original URL: http://www.theregister.co.uk/2011/06/30/military_personnel_data_breach/

Hackers steal personal data of military, gov personnel

Please don't feed the spear phishers

By Dan Goodin

Posted in Security, 30th June 2011 05:03 GMT

Hackers breached the security of a defense industry news website and stole sensitive subscriber information that could be used in attacks targeting the US military and its contractors.

Gannet Co., publisher of DefenseNews, disclosed the bad news in an advisory published Monday. Data exposed included subscribers' first and last names, usernames, passwords, email addresses, and in many cases military duty status, paygrade, and branch of service.

It's the kind of information that many infiltrators of classified government systems covet, because it allows them to send malware-laced emails that appear to come from superiors, co-workers, or friends. Such spear phishing attacks have hooked a variety of big fish over the past 18 months, including the International Monetary Fund, RSA Security, and the Oak Ridge National Laboratory.

Gannet didn't say how the attackers breached its site. It has hired and outside computer forensics company to investigate the hack and to improve security. ®